When possible, avoid using the - wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account key projects/-/serviceAccounts/fake@example.com/keys/fake-key, which does not exist, the response contains an HTTP 403 Forbidden error instead of a 404 Not Found error.
Authorization requires the following IAM permission on the specified resource name:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-07 UTC."],[[["This page details how to retrieve a `ServiceAccountKey` using a `GET` request to the specified URL, which follows gRPC Transcoding syntax."],["The `name` parameter in the URL path is required and specifies the resource name of the service account key, adhering to the defined formats that might include wildcard characters for project ID."],["The `publicKeyType` query parameter, which is optional, allows you to specify the format of the public key returned in the response, with `TYPE_NONE` as the default, meaning no key is returned."],["The request body must be empty when performing this get operation, while a successful response will contain an instance of the `ServiceAccountKey`."],["To perform this operation, one of the specified OAuth scopes, `https://www.googleapis.com/auth/iam` or `https://www.googleapis.com/auth/cloud-platform`, is required."]]],[]]
